NE40E V800R010C00 Feature Description - NAT and IPv6 Transition 01

CGN Transition Techniques

Three CGN transition techniques are widely used: dual stack, tunneling, and translation. Of the three, dual stack is the simplest and most desirable; the other two are used only in specific scenarios.

Dual Stack

As defined in relevant standards, dual stack is the technique of installing both IPv4 and IPv6 protocol stacks on terminal devices and network nodes so that they can exchange messages with both IPv4 and IPv6 nodes.

Routers supporting IPv4/IPv6 dual stack enable the network to act as two parallel logical networks and enable a smooth transition to IPv6. As shown in Figure 2-3, a router that supports IPv4/IPv6 dual stack first sends an AAAA request to the DNS server and sends an A request to the DNS server only when the AAAA request is not answered.
Figure 2-3  IPv4/IPv6 dual-stack

The dual-stack mechanism interoperates well and is the most direct way to make IPv6 nodes compatible with IPv4 nodes. It is also easy to understand. However, dual stack consumes more system resources, lowers device performance, and does not solve the problem of address shortage. Because it needs double resources, it is also bound to increase network complexity and costs. Dual stack generally works at two layers: the network layer and the terminal layer.

Tunneling

Tunneling is used to interconnect isolated IPv6 networks over an IPv4 network or isolated IPv4 islands over an IPv6 network. As shown in Figure 2-4, the tunneling technique requires only border nodes to implement dual stack and enables data of an address family to traverse the network of another address family through a tunnel.
Figure 2-4  Tunneling

At the very beginning of IPv6 development, the tunneling technique worked well for connecting isolated IPv6 networks and for deploying IPv6 incrementally without a network-wide upgrade, which gradually expanded the scope of IPv6 implementation. Tunneling is therefore a very attractive technology for IPv6 transition at an early stage. As the IPv6 transition develops, even isolated IPv4 networks can be connected through tunnels.

However, the tunneling technique has disadvantages: double IP headers increase network costs, tunnel endpoints require additional work on scalability and reliability, and some MTU issues may occur.

Table 2-1 lists the commonly used tunneling techniques and their usage scenarios.

Table 2-1  Comparison of common tunneling techniques

| Tunnel Type | Technical Feature | Usage Scenario |
|---|---|---|
| Manual tunneling | IP-in-IP or GRE is used for packet encapsulation. | Tunnels of this type are configured manually. They are easy to implement and widely supported by network devices. However, they are not suitable for large-scale deployment. |
| Automatic tunneling | The IPv6-in-IP mode is used. Stateless automatic tunnel encapsulation is implemented through IPv6 addresses with embedded IPv4 addresses. 6to4 addresses use the well-known prefix, 2002:IPv4-globe-Addr:Suffix. The feature of an Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) address is Prefix:0:5EFE:IPv4-Addr. | Automatic tunnels are used as IPv6-in-IPv4 tunnels only. They are implemented through embedded IPv4 addresses. Relying on the IPv4 topology, automatic tunnels are applicable to the early stage of IPv6 transition. Supported by common operating systems, they are suitable for hosts. 6to4 needs public IPv4 addresses for interconnection between IPv6 islands. 6to4 relay routers are used for communication with native IPv6 hosts. The ISATAP does not have any restriction on IPv4 addresses. It is more applicable to enterprise networks. |
| MPLS tunnel | 6PE/6VPE, IPv6-in-MPLS | MPLS tunnels have good forwarding performance. They are applicable to the network cores. MPLS infrastructures are required. |

In addition, 6rd continues to use the 6to4 stateless tunneling mode, but uses provider prefixes instead of the well-known prefix 2002::/16 used in 6to4. IPv6 prefixes can therefore be advertised on the native IPv6 network, which in turn solves the routing problem of how the native IP network reaches 6to4 islands.
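The address formats in Table 2-1 mean that a 6to4, 6rd, or ISATAP address observed in a flow or firewall log reveals the IPv4 tunnel endpoint behind it. The following is an added example, not part of the original Huawei document, that recovers that endpoint; the function names, the sample addresses, and the 6rd provider prefix 2001:db8::/32 are assumptions, and the 6rd case assumes all 32 IPv4 bits are embedded.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")  # well-known 6to4 prefix
# ISATAP interface IDs: 0:5EFE (the format in Table 2-1) or 200:5EFE
# when the u bit is set for a globally unique IPv4 address (RFC 5214).
ISATAP_IIDS = (0x00005EFE, 0x02005EFE)


def embedded_ipv4(addr, sixrd_prefix=None):
    """Return (kind, IPv4Address) for a tunnel-format address, else (None, None)."""
    a = ipaddress.IPv6Address(addr)
    n = int(a)
    if a in SIX_TO_FOUR:
        # 2002:IPv4-Addr::/48 -> the IPv4 address follows the 16-bit prefix
        return "6to4", ipaddress.IPv4Address((n >> 80) & 0xFFFFFFFF)
    if sixrd_prefix is not None:
        net = ipaddress.IPv6Network(sixrd_prefix)
        if net.prefixlen > 32:
            raise ValueError("assumes all 32 IPv4 bits fit in the first 64 bits")
        if a in net:
            # 6rd: same layout as 6to4, but behind the provider's own prefix
            shift = 128 - net.prefixlen - 32
            return "6rd", ipaddress.IPv4Address((n >> shift) & 0xFFFFFFFF)
    if ((n >> 32) & 0xFFFFFFFF) in ISATAP_IIDS:
        # Prefix:0:5EFE:IPv4-Addr -> the IPv4 address is the low 32 bits
        return "isatap", ipaddress.IPv4Address(n & 0xFFFFFFFF)
    return None, None


def tunnel_endpoints(addresses, sixrd_prefix=None):
    """Map each revealed IPv4 endpoint to the (kind, IPv6 address) pairs exposing it."""
    found = {}
    for addr in addresses:
        kind, v4 = embedded_ipv4(addr, sixrd_prefix)
        if kind:
            found.setdefault(str(v4), []).append((kind, addr))
    return found


# Constructed sample addresses built from documentation ranges.
SAMPLE = [
    "2002:c000:201::1",       # 6to4, embeds 192.0.2.1
    "fe80::5efe:c633:6407",   # ISATAP, embeds 198.51.100.7
    "2001:db8:cb00:7109::1",  # 6rd under the assumed prefix, embeds 203.0.113.9
    "fd00::1",                # no embedded IPv4 address
]

if __name__ == "__main__":
    for v4, hits in tunnel_endpoints(SAMPLE, "2001:db8::/32").items():
        print(v4, hits)
```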

Translation

Translation is used for interworking between IPv6-only networks and IPv4-only networks. Translation devices are located on the border of the two networks. They must convert the corresponding fields of the IP header and also translate any IP address carried in the packet body.

Table 2-2 lists the technical features and usage scenarios of common translation techniques.

Table 2-2  Comparison of common translation techniques

| Layer | Technique | Technical Highlights | Usage Scenarios |
|---|---|---|---|
| Network layer | SIIT (Stateless IP/ICMP Translation) | SIIT defines the address translation implemented through the following specific address formats: IPv4 mapping address 0::ffff:a.b.c.d and IPv4 translation address 0::ffff:0:a.b.c.d. | SIIT is stateless translation. It faces the problem of IPv4 address shortage and therefore is applicable only to the communication from an IPv6 network to the IPv4 Internet. |
| Network layer | NAT-PT (Network Address Translation-Protocol Translator) | NAT-PT is a type of NAT that maps between IPv4 addresses/ports and IPv6 addresses. | NAT-PT is stateful translation. It is built in a router or firewall. It has higher efficiency than the techniques used at the application layer. |
| Network layer | BIS (Bump In the Stack) | BIS is a kind of NAT-PT implemented in hosts. | BIS is applicable to single-stack hosts. |
| Transport layer | TRT (Transport Relay Translator) | TRT refers to translation at the transport layer. | TRT is applicable to routers. |
| Application layer | SOCKS64 | The SOCKS protocol allows a SOCKS proxy server to implement address translation. | The host software must be upgraded and a special SOCKS server must be deployed. SOCKS is applicable to specific application scenarios. |
| Application layer | BIA (Bump-in-the-API) | BIA is a type of SOCKS64 implemented in hosts. | BIA is a host translation technique, applicable to the traditional application programs of dual-stack hosts. |
| Application layer | ALG (Application Level Gateway) | ALG indicates address translation at the application layer. | ALG is used with NAT to translate messages. |

Owing to the problems in these translation techniques, only NAT-PT is currently deployed on products. Translation techniques above the network layer have low performance because several layers must be processed. Network layer translation faces the ALG problem: the packet bodies of certain protocols contain IP addresses, so to implement the ALG, translation devices must identify the specific application layer protocol.

The IETF has noticed the issues about translation techniques, and described the issues in relevant standards, including application layer gateway for domain name server (DNS-ALG) issues, NAT issues, ALG issues, and scalability concerns. On that basis, the Behavior Engineering for Hindrance Avoidance (BEHAVE) working group of the IETF has re-thought translation techniques and made the following improvements:
  • Stateful translation uses NAT64+DNS64 to simplify and supplant NAT-PT. NAT64 allows only the IPv6 side to initiate connections. Furthermore, NAT-ALG functions are implemented by a separate DNS64.
  • Stateless translation incorporates the notions of SIIT and IVI and uses provider prefixes. IPv6 addresses are embedded with IPv4 addresses and can be self-mapped and therefore are easy to manage.
  • The mapping between IPv4 and IPv6 header translation and the address translation formats are re-defined.
  • The NAT behavior mode that is helpful for service interworking during IPv4/IPv6 translation is specified.
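The re-defined address translation format that NAT64/DNS64 and stateless translation use is the IPv4-embedded IPv6 address of RFC 6052, which places the 32 IPv4 bits after a provider or well-known prefix and skips bits 64 to 71. The following is an added example, not part of the original Huawei document, that builds such addresses (as a DNS64 does when synthesizing AAAA records) and reverses them (as an analyst does when reading IPv6-side logs); the function names and the sample prefix 2001:db8:122::/48 are assumptions, and 64:ff9b::/96 is the RFC 6052 well-known prefix.

```python
import ipaddress

ALLOWED_LENGTHS = (32, 40, 48, 56, 64, 96)  # prefix lengths permitted by RFC 6052
U_OCTET = 8                                  # byte holding bits 64-71, always zero


def embed(prefix, ipv4):
    """Build the IPv4-embedded IPv6 address for ipv4 under prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in ALLOWED_LENGTHS:
        raise ValueError("prefix length must be one of %r" % (ALLOWED_LENGTHS,))
    buf = bytearray(net.network_address.packed)
    if buf[U_OCTET] != 0:
        raise ValueError("bits 64-71 of the prefix must be zero")
    pos = net.prefixlen // 8
    for octet in ipaddress.IPv4Address(ipv4).packed:
        if pos == U_OCTET:      # never write into the reserved octet
            pos += 1
        buf[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(buf))


def extract(prefix, ipv6):
    """Recover the IPv4 address from ipv6, or None if it is outside prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in ALLOWED_LENGTHS:
        raise ValueError("prefix length must be one of %r" % (ALLOWED_LENGTHS,))
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        return None
    raw, out, pos = addr.packed, bytearray(), net.prefixlen // 8
    while len(out) < 4:
        if pos != U_OCTET:      # skip the reserved octet when reading back
            out.append(raw[pos])
        pos += 1
    return ipaddress.IPv4Address(bytes(out))


def synthesize_aaaa(prefix, a_records):
    """DNS64-style synthesis: one AAAA value per A record of an IPv4-only name."""
    return [str(embed(prefix, a)) for a in a_records]


if __name__ == "__main__":
    # Constructed A records from documentation ranges.
    print(synthesize_aaaa("64:ff9b::/96", ["192.0.2.33", "198.51.100.7"]))
    print(extract("2001:db8:122::/48", "2001:db8:122:c000:2:2100::"))
```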
Updated: 2018-07-04

Document ID: EDOC1100027155
